CVE-2018-18389

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-18389
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-18389.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-18389
Aliases
Withdrawn
2024-05-08T06:51:05.818470Z
Published
2018-10-16T18:29:01Z
Modified
2023-11-28T15:12:40.984695Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password.

References

Affected packages

Git / github.com/neo4j/neo4j

Affected ranges

Type
GIT
Repo
https://github.com/neo4j/neo4j
Events

Affected versions

3.*

3.1.9
3.2.12
3.2.13
3.3.6
3.3.7
3.3.8
3.4.0
3.4.1
3.4.2
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8